Ill-designed transform sequences

Recently I had a discussion with a customer regarding
the legality of an XML signature bearing a reference
that has the following structure (which does not make 
sense at all, but should demonstrate the problem):

  1. The URI attribute contains the empty string "";
  2. The first transform is a C14N transform;
  3. The second transform is an enveloped sig. tf.

I argued that such a signature is not legal regarding
the processing model of XMLDSIG, since it is impossible
to cut out the signature from a node set which, due
to the intermediate C14N transform, does not represent
the original XML document bearing the XML signature.

A similar problem occurs if the env. sig. tf. is
replaced by an XPath transform using the here() function.

Any opinions?

Regards, Gregor

Received on Tuesday, 30 April 2002 03:33:41 UTC
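
A check for the transform ordering described in the message above, as an added example that is not part of the original post: it flags any ds:Reference in which an enveloped-signature transform, or an XPath transform calling here(), comes after a C14N transform. The function names and sample documents are constructed for illustration, and treating this ordering as a finding follows the post's argument.

```python
import re
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
C14N = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"  # prefix also covers #WithComments
ENVELOPED = DS + "enveloped-signature"
XPATH = "http://www.w3.org/TR/1999/REC-xpath-19991116"

def needs_signature_context(transform):
    """True if the transform must locate the ds:Signature in the original document."""
    alg = transform.get("Algorithm", "")
    if alg == ENVELOPED:
        return True
    expr = transform.findtext(f"{{{DS}}}XPath") or ""
    return alg == XPATH and re.search(r"\bhere\s*\(", expr) is not None

def check_reference(reference):
    """Flag context-dependent transforms that come after a C14N transform."""
    findings, c14n_at = [], None
    path = f"{{{DS}}}Transforms/{{{DS}}}Transform"
    for pos, t in enumerate(reference.iterfind(path), start=1):
        alg = t.get("Algorithm", "")
        if c14n_at is not None and needs_signature_context(t):
            # (Reference URI, offending position, its algorithm, C14N position)
            findings.append((reference.get("URI"), pos, alg, c14n_at))
        elif c14n_at is None and alg.startswith(C14N):
            c14n_at = pos
    return findings

def check_document(xml_text):
    """Run check_reference over every ds:Reference in the document."""
    root = ET.fromstring(xml_text)
    return [f for ref in root.iter(f"{{{DS}}}Reference") for f in check_reference(ref)]

def sample(*algs, xpath=None):
    """Constructed test input: one same-document Reference with the given transforms."""
    body = "".join(
        f'<Transform Algorithm="{a}">'
        + (f"<XPath>{xpath}</XPath>" if a == XPATH and xpath else "")
        + "</Transform>" for a in algs)
    return (f'<doc><Signature xmlns="{DS}"><SignedInfo><Reference URI="">'
            f"<Transforms>{body}</Transforms></Reference></SignedInfo></Signature></doc>")

if __name__ == "__main__":
    print(check_document(sample(C14N, ENVELOPED)))  # the sequence from the post
    print(check_document(sample(ENVELOPED, C14N)))  # enveloped first: no finding
```

ElementTree is used here for brevity; signatures from untrusted sources should go through a hardened XML parser before a check like this runs.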